 }
 // Profile save: pull the submitted fields out of $_POST. A field that is not
 // present is left exactly as it was before this point (no default assigned),
 // so each of these variables is assumed to be initialised earlier — TODO confirm.
 debugLog("saving profile " . $userid);
 // every text field is passed through var_in(), the project's input filter
 // (its exact rules are not visible in this snippet)
 if (isset($_POST['name'])) {
     $name = var_in($_POST['name']);
 }
 if (isset($_POST['email'])) {
     // second argument selects var_in()'s 'email' filter mode — presumably stricter
     $email = var_in($_POST['email'], 'email');
 }
 if (isset($_POST['timezone'])) {
     $timezone = var_in($_POST['timezone']);
 }
 if (isset($_POST['lang'])) {
     $lang = var_in($_POST['lang']);
 }
 if (isset($_POST['show_htmleditor'])) {
     $htmleditor = var_in($_POST['show_htmleditor']);
 } else {
     // an absent field (presumably an unticked checkbox) maps to the empty string
     $htmleditor = '';
 }
 # check to see if passwords are changing
 // The two password fields are read raw, without var_in(): they are compared
 // against each other below (and presumably hashed rather than stored or
 // displayed), so filtering would only alter what the user actually typed.
 // NOTE(review): $pwd1 and $pwd2 stay unassigned when their field is missing;
 // the comparison that follows relies on both existing — confirm they are
 // initialised above this snippet.
 if (isset($_POST['sitepwd'])) {
     $pwd1 = $_POST['sitepwd'];
 }
 if (isset($_POST['sitepwd_confirm'])) {
     $pwd2 = $_POST['sitepwd_confirm'];
 }
 // do password checking
 if ($pwd1 != $pwd2 || $adding === true && (empty($pwd1) || $pwd1 !== $pwd2)) {
     # passwords do not match if changing or adding users passwords
     $error = i18n_r('PASSWORD_NO_MATCH');
     $password = '';
 * @package GetSimple
 * @subpackage Theme
 */
# setup inclusions
// Theme page bootstrap: $load['plugin'] is read by inc/common.php (presumably
// to enable plugin loading); login_cookie_check() gates everything that
// follows (presumably redirects or aborts when no valid admin session exists).
$load['plugin'] = true;
include 'inc/common.php';
login_cookie_check();
# variable settings
// GSWEBSITEFILE (website.xml) lives in GSDATAOTHERPATH; $theme_options starts
// empty and is filled later (not shown here)
$path = GSDATAOTHERPATH;
$file = GSWEBSITEFILE;
$theme_options = '';
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
    check_for_csrf("activate");
    # get passed value from form
    $newTemplate = var_in($_POST['template']);
    if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) {
        die;
    }
    # backup old GSWEBSITEFILE (website.xml) file
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
    // backups/other/
    createBak($file, $path, $bakpath);
    # udpate GSWEBSITEFILE (website.xml) file with new theme
    $xml = new SimpleXMLExtended('<item></item>');
    $note = $xml->addChild('SITENAME');
    $note->addCData($SITENAME);
    $note = $xml->addChild('SITEURL');
    $note->addCData($SITEURL);
    $note = $xml->addChild('TEMPLATE');
    $note->addCData($newTemplate);
} else {
    $draft = false;
    // @todo this is to force no draft on new pages until we allow drafts
    // prefill fields if provided
    $title = isset($_GET['title']) ? var_in($_GET['title']) : '';
    $template = isset($_GET['template']) ? var_in($_GET['template']) : '';
    $parent = isset($_GET['parent']) ? var_in($_GET['parent']) : '';
    $menu = isset($_GET['menu']) ? var_in($_GET['menu']) : '';
    $private = isset($_GET['private']) ? var_in($_GET['private']) : '';
    $menuStatus = isset($_GET['menuStatus']) ? var_in($_GET['menuStatus']) : '';
    $menuOrder = isset($_GET['menuOrder']) ? var_in($_GET['menuOrder']) : '';
    $titlelong = isset($_GET['titlelong']) ? var_in($_GET['titlelong']) : '';
    $summary = isset($_GET['summary']) ? var_in($_GET['summary']) : '';
    $metarNoIndex = isset($_GET['metarNoIndex']) ? var_in($_GET['metarNoIndex']) : '';
    $metarNoFollow = isset($_GET['metarNoFollow']) ? var_in($_GET['metarNoFollow']) : '';
    $metarNoArchive = isset($_GET['metarNoArchive']) ? var_in($_GET['metarNoArchive']) : '';
    $buttonname = i18n_r('BTN_SAVEPAGE');
}
// (bool) true only when draft mode is on and no draft file exists yet
$newdraft = $draft && !$draftExists;
// (bool) is this a new never saved draft?
$path = find_url($url, $parent);
// make select box of available theme templates
// no template requested (or empty) -> use the configured default file
if ($template == '') {
    $template = GSTEMPLATEFILE;
}
// the directory listed is fixed by the site's template setting ($TEMPLATE);
// $template (which can come from the query string) does not influence it
$themes_path = GSTHEMESPATH . $TEMPLATE;
// `or` binds lower than `=`, so $themes_handle receives the opendir() result
// and the whole page aborts when the theme directory cannot be opened.
// NOTE(review): the message reports GSTHEMESPATH rather than the full
// $themes_path that actually failed.
$themes_handle = opendir($themes_path) or die("Unable to open " . GSTHEMESPATH);
while ($getfile = readdir($themes_handle)) {
    if (isFile($getfile, $themes_path, 'php')) {
        // exclude functions.php, and include files .inc.php
        if ($getfile != 'functions.php' && substr(strtolower($getfile), -8) != '.inc.php' && substr($getfile, 0, 1) !== '.') {
}
// Status flags for the page list arrive in the query string (the edit, clone
// and publish actions redirect back here with upd=... and id=...). Each one
// is run through var_in() and then drives the notification switch below.
// NOTE(review): $update/$success/$error/$errid/$oldid are left unassigned
// when their key is absent — confirm they are initialised above this point
// before the switch reads $update.
if (isset($_GET['upd'])) {
    $update = var_in($_GET['upd']);
}
if (isset($_GET['success'])) {
    $success = var_in($_GET['success']);
}
if (isset($_GET['error'])) {
    // free-text message straight from the URL: whether var_in() escapes it
    // for HTML output is not visible here — verify before it is echoed
    $error = var_in($_GET['error']);
}
// if(isset($_GET['err'])) 	$err     = var_in($_GET['err']); // deprecated not used
if (isset($_GET['id'])) {
    $errid = var_in($_GET['id']);
}
if (isset($_GET['old'])) {
    // presumably the previous slug after a rename (used by the undo/restore link)
    $oldid = var_in($_GET['old']);
}
// loose == so the string '1' from the query string matches as well
if (isset($_GET['updated']) && $_GET['updated'] == 1) {
    $success = i18n_r('SITE_UPDATED');
}
// for update.php only
switch ($update) {
    case 'bak-success':
        doNotify(sprintf(i18n_r('ER_BAKUP_DELETED'), $errid) . '</p>', 'success');
        break;
    case 'bak-err':
        doNotify('<b>' . i18n_r('ERROR') . ':</b> ' . i18n_r('ER_REQ_PROC_FAIL'), 'error');
        break;
    case 'edit-success':
        if ($ptype == 'edit' && !isset($oldid)) {
            doNotify(sprintf(i18n_r('ER_YOUR_CHANGES'), $id) . '. <a href="backup-edit.php?p=restore&id=' . $id . '&nonce=' . get_nonce("restore", "backup-edit.php") . '">' . i18n_r('UNDO') . '</a>', 'success');
 *
 * Code to either create or edit a page. This is the action page  
 * for the form on edit.php	
 *
 * @package GetSimple
 * @subpackage Page-Edit
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// drafts are disabled when ?nodraft or post-nodraft is sent, or when the
// GSUSEDRAFTS definition (default true) is off; the ternary just negates that
$draft = isset($_GET['nodraft']) || isset($_POST['post-nodraft']) || !getDef('GSUSEDRAFTS', true) ? false : true;
// (bool) using draft pages
// Publish a draft: ?publish&id=<page>
if (isset($_GET['publish']) && isset($_GET['id'])) {
    // normalise (_id) and filter (var_in) the id before it is used in a path;
    // the exact rules of both helpers are not shown here
    $id = var_in(_id($_GET['id']));
    // presumably aborts/redirects back to the editor when safe mode forbids publishing
    safemodefail('publish', 'edit.php?id=' . $id);
    // refuse any id that would resolve outside the drafts directory
    if (!filepath_is_safe(GSDATADRAFTSPATH . $id . '.xml', GSDATADRAFTSPATH)) {
        $status = false;
    } else {
        $status = publishDraft($id);
    }
    if ($status) {
        exec_action('draft-publish');
        // @hook draft-publish a draft was published
        generate_sitemap();
        // regenerates sitemap
    }
    // NOTE(review): this GET-triggered publish has no check_for_csrf() call
    // in the visible code, unlike the other actions on this page — confirm
    // the nonce is validated elsewhere (e.g. inside safemodefail/publishDraft).
    redirect("pages.php?id=" . $id . "&upd=publish-" . ($status ? 'success' : 'error'));
    die;
}
 if (isset($_POST['template'])) {
     // the assignment is commented out, so a posted template is ignored here
     // $TEMPLATE = $_POST['template'];
 }
 // NOTE(review): prettyurls is stored without var_in(), unlike the fields
 // below — acceptable only while it is merely tested for truthiness; check
 // how it is written out.
 if (isset($_POST['prettyurls'])) {
     $PRETTYURLS = $_POST['prettyurls'];
 } else {
     // field absent (presumably an unticked checkbox) -> off
     $PRETTYURLS = '';
 }
 if (isset($_POST['email'])) {
     // 'email' selects var_in()'s email filter mode
     $SITEEMAIL = var_in($_POST['email'], 'email');
 }
 if (isset($_POST['timezone'])) {
     $SITETIMEZONE = var_in($_POST['timezone']);
 }
 if (isset($_POST['lang'])) {
     $SITELANG = var_in($_POST['lang']);
 }
 // check valid lang files
 // NOTE(review): this tests $LANG, not the $SITELANG just read from the form,
 // against the language files listed in $lang_array (built elsewhere); confirm
 // that is intended. in_array() is non-strict here.
 if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) {
     die;
 }
 # create website xml file
 // back up the current website.xml into backups/other/ before overwriting it
 $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
 // backups/other/
 createBak(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
 // rebuild the settings document from scratch; addCData() (project
 // SimpleXMLExtended helper) presumably wraps each value in a CDATA section
 $xmls = new SimpleXMLExtended('<item></item>');
 $note = $xmls->addChild('SITENAME');
 $note->addCData($SITENAME);
 $note = $xmls->addChild('SITEURL');
 $note->addCData($SITEURL);
 $note = $xmls->addChild('TEMPLATE');
 *
 * Displays all pages 
 *
 * @package GetSimple
 * @subpackage Page-Edit
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
exec_action('load-pages');
// @hook load-pages fired after the includes, before any page action is handled
// Variable settings
// inputs for error_checking
// $id / $ptype come from the query string (filtered by var_in) and are null
// when absent; they are read by the notification handling further down
$id = isset($_GET['id']) ? var_in($_GET['id']) : null;
$ptype = isset($_GET['type']) ? var_in($_GET['type']) : null;
$path = GSDATAPAGESPATH;
// note: $counter is the string '0', not an int — kept as-is
$counter = '0';
$table = '';
// cloning a page
if (isset($_GET['action']) && isset($_GET['id']) && $_GET['action'] == 'clone') {
    check_for_csrf("clone", "pages.php");
    $status = clone_page($_GET['id']);
    if ($status !== false) {
        exec_action('page-clone');
        // @hook page-clone page was cloned
        redirect('pages.php?upd=clone-success&id=' . $status);
    } else {
        $error = sprintf(i18n_r('CLONE_ERROR'), var_out($_GET['id']));
        redirect('pages.php?error=' . $error);
    }
// Theme editor: start from the site's active template and let the query
// string pick another theme directory (?t) and a file inside it (?f).
$template = $TEMPLATE;
$theme_templates = '';
# were changes submitted?
if (isset($_GET['t'])) {
    // strippath() (project helper, presumably drops directory components)
    // runs before the value is used in a path
    $_GET['t'] = strippath($_GET['t']);
    // only switch when the named theme directory really exists
    if ($_GET['t'] && is_dir(GSTHEMESPATH . $_GET['t'] . '/')) {
        $template = $_GET['t'];
    }
}
if (isset($_GET['f'])) {
    // the raw ?f value is only probed with is_file() here; the traversal
    // check further down is what gates reading it, so keep that ordering
    if (is_file(GSTHEMESPATH . $template . '/' . $_GET['f'])) {
        $template_file = $_GET['f'];
    }
}
// editor theme preference, persisted in a cookie; "default" clears it
if (isset($_POST['themesave'])) {
    $themesave = var_in($_POST['themesave']);
    if ($themesave == "default") {
        // expire the cookie one hour in the past
        setcookie('gs_editor_theme', '', time() - 3600);
    } else {
        // NOTE(review): no path/secure/httponly attributes are set; low impact
        // for a UI preference, but worth setting explicitly
        setcookie('gs_editor_theme', $themesave);
    }
    // return at file scope stops this script here
    return;
}
// tsl() presumably guarantees a trailing slash on the theme directory
$themepath = GSTHEMESPATH . tsl($template);
// prevent traversal
// NOTE(review): if $template_file is not initialised before this snippet,
// an absent or non-existent ?f leaves it undefined here — confirm.
if ($template_file != '' and !filepath_is_safe($themepath . $template_file, $themepath)) {
    die(i18n_r('INVALID_OPER'));
}
# if no template is selected, use the default
if ($template_file == '') {
    $template_file = GSTEMPLATEFILE;
 // NOTE(review): prettyurls is stored without var_in(), unlike the fields
 // below — acceptable only while it is merely tested for truthiness; check
 // how it is written out.
 if (isset($_POST['prettyurls'])) {
     $PRETTYURLS = $_POST['prettyurls'];
 } else {
     // field absent (presumably an unticked checkbox) -> off
     $PRETTYURLS = '';
 }
 if (isset($_POST['email'])) {
     // 'email' selects var_in()'s email filter mode
     $SITEEMAIL = var_in($_POST['email'], 'email');
 }
 if (isset($_POST['timezone'])) {
     $SITETIMEZONE = var_in($_POST['timezone']);
 }
 if (isset($_POST['lang'])) {
     $SITELANG = var_in($_POST['lang']);
 }
 if (isset($_POST['about'])) {
     $SITEABOUT = var_in($_POST['about']);
 }
 // check valid lang files
 // NOTE(review): this tests $LANG rather than the $SITELANG just read from
 // the form, against the language files listed in $lang_array (built
 // elsewhere); in_array() is non-strict here. Confirm the variable is intended.
 if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) {
     die;
 }
 # create website xml file
 // snapshot the current website.xml before it is overwritten
 backup_datafile(GSDATAOTHERPATH . GSWEBSITEFILE);
 // new xml
 // rebuild the settings document; addCData() (project SimpleXMLExtended
 // helper) presumably wraps each value in a CDATA section. SITEURL is written
 // from $SITEURLNEW (set elsewhere), not from the currently loaded $SITEURL.
 $xmls = new SimpleXMLExtended('<item></item>');
 $note = $xmls->addChild('SITENAME');
 $note->addCData($SITENAME);
 $note = $xmls->addChild('SITEURL');
 $note->addCData($SITEURLNEW);
 $note = $xmls->addChild('TEMPLATE');
 $note->addCData($TEMPLATE);
     }
 case 'bak-success':
     // backup delete success
     doNotify(sprintf(i18n_r('ER_BAKUP_DELETED'), $errid) . '</p>', 'success');
     // conditional fall-through: when $dbn is truthy the break is skipped and
     // the next case's notification fires as well (looks like a deliberate
     // "show every notice" switch — confirm); otherwise stop here
     if (!$dbn) {
         break;
     }
 case 'bak-err':
     // backup general error
     doNotify('<b>' . i18n_r('ERROR') . ':</b> ' . i18n_r('ER_REQ_PROC_FAIL'), 'error');
     // same conditional fall-through as above
     if (!$dbn) {
         break;
     }
 case 'edit-success':
     // $ptype is presumably set earlier from ?type; fall back to ?ptype here
     if (!isset($ptype) && isset($_GET['ptype'])) {
         $ptype = var_in($_GET['ptype']);
     }
     // preset update tokens
     $draftqs = '';
     // && binds tighter than ||: draft presentation when ?upd-draft is
     // present OR ($upddraft is set and truthy)
     if (isset($_GET['upd-draft']) || isset($upddraft) && $upddraft == true) {
         // the undo link must target the draft copy; label the id accordingly
         $draftqs = '&draft';
         $dispid = $id . ' (' . titlecase(i18n_r('LABEL_DRAFT')) . ')';
     } else {
         $dispid = $id;
     }
     if ($ptype == 'edit' && !isset($oldid)) {
         // page edit changes saved, undo, restore
         doNotify(sprintf(i18n_r('ER_YOUR_CHANGES'), $dispid) . '. <a href="backup-edit.php?p=restore&id=' . $id . $draftqs . '&nonce=' . get_nonce("restore", "backup-edit.php") . '">' . i18n_r('UNDO') . '</a>', 'success', true);
     } elseif ($ptype == 'edit' && isset($oldid)) {
         // page edit changes saved, undo, restore with slug change
         doNotify(sprintf(i18n_r('ER_YOUR_CHANGES'), $dispid) . '. <a href="backup-edit.php?p=restore&id=' . $oldid . '&new=' . $id . $draftqs . '&nonce=' . get_nonce("restore", "backup-edit.php") . '">' . i18n_r('UNDO') . '</a>', 'success', true);
// File browser setup (presumably the CKEditor picker, given CKEditorFuncNum):
// resolve the requested upload sub-directory and the caller's parameters
// before any HTML is emitted.
$uploadsPathRel = getRelPath(GSDATAUPLOADPATH);
// $path is built from the raw ?path value and is usable only because the
// path_is_safe() check right below rejects anything resolving outside
// GSDATAUPLOADPATH — keep that check immediately after this assignment
$path = isset($_GET['path']) ? $uploadsPath . $_GET['path'] : $uploadsPath;
// NOTE(review): $subPath keeps the unfiltered ?path string; it was validated
// only as part of $path, so escape it (var_out) wherever it is echoed
$subPath = isset($_GET['path']) ? $_GET['path'] : "";
if (!path_is_safe($path, GSDATAUPLOADPATH)) {
    die;
}
$returnid = isset($_GET['returnid']) ? var_in($_GET['returnid']) : "";
// NOTE(review): ?func is taken raw (no var_in); confirm it is only ever
// compared against fixed names further down
$func = isset($_GET['func']) ? $_GET['func'] : "";
// tsl() presumably normalises a trailing slash
$path = tsl($path);
// check if host uses Linux (used for displaying permissions)
// anything other than a 'WIN'-prefixed PHP_OS is treated as unix-like
$isUnixHost = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? false : true;
// callback id handed over by the editor's file-browser integration
$CKEditorFuncNum = isset($_GET['CKEditorFuncNum']) ? var_in($_GET['CKEditorFuncNum']) : '';
$sitepath = $SITEURL;
$fullPath = $SITEURL . $uploadsPathRel;
// url path to image
$type = isset($_GET['type']) ? var_in($_GET['type']) : '';
// `global` only matters if this file is included from inside a function;
// at file scope $LANG is already in the global scope
global $LANG;
// keep the text up to and including the first run of two lowercase letters
// and drop everything after it, e.g. 'en_US' -> 'en'; this value feeds the
// <html lang="..."> attribute below
$LANG_header = preg_replace('/(?:(?<=([a-z]{2}))).*/', '', $LANG);
?>

<!DOCTYPE html>
<html lang="<?php 
echo $LANG_header;
?>
">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"  />
	<title><?php 
echo i18n_r('FILE_BROWSER');
?>
</title>